jQuery in Action, 3rd edition
The moose likes Tomcat and the fly likes SSL Cert Error - Mismatched Address Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "SSL Cert Error - Mismatched Address" Watch "SSL Cert Error - Mismatched Address" New topic

SSL Cert Error - Mismatched Address

Ed James

Joined: Feb 10, 2010
Posts: 7
Hi all,

I have just setup a new Tomcat installation and created a keystore, created a CSR, created the Cert (using our internal CA), imported the root cert into the keystore and then the site cert into the keystore (alias www.somesite.ourdomain.ca). Looks like I've created everything correctly - no errors during any of these steps. However, when I load the site, I get "Certificate Error: Mismatched Address". I thought that I just needed to add a Host name entry into the server.xml conf file to include www.somesite.ourdomain.ca but I'm missing something. Can someone help me with this? What am I overlooking? As you can tell, I'm new to Tomcat :-)

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

If this is the message I think it is, the hostname on the SSL cert doesn't match the hostname that you're serving it from.

An IDE is no substitute for an Intelligent Developer.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

When you generate your cert request with the Java keytool it asks you a series of questions.
One of them is your first and last name (which is misleading).
What it really wants there is the domain name. If that doesn't match the domain of your server you will get this message.

For instance, if you were generating a key for www.acme.com your keytool session would look like:

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link: http://aspose.com/file-tools
subject: SSL Cert Error - Mismatched Address
jQuery in Action, 3rd edition